[Bug 247679] New: apparmor does not report missing link permissions in complain mode
https://bugzilla.novell.com/show_bug.cgi?id=247679

           Summary: apparmor does not report missing link permissions in complain mode
           Product: openSUSE 10.2
           Version: Final
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: AppArmor
        AssignedTo: dreynolds@novell.com
        ReportedBy: jjohansen@novell.com
         QAContact: dreynolds@novell.com

In complain mode apparmor does not report missing link permission. This prevents the tools from learning the link behavior from logged complain messages.

AppArmor does correctly log REJECT messages in enforce mode for missing link permissions.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

https://bugzilla.novell.com/show_bug.cgi?id=247679

jjohansen@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

https://bugzilla.novell.com/show_bug.cgi?id=247679

jjohansen@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|dreynolds@novell.com        |jjohansen@novell.com

https://bugzilla.novell.com/show_bug.cgi?id=247679

------- Comment #1 from agruen@novell.com  2007-02-23 12:58 MST -------
At least the latest code indicates that an "Internal error auditing event type .." message should have ended up in the audit log and syslog instead. This is because aa_link_perm() reports back -EPERM but not which permissions it found missing.

Will do a patch; we need to check for this kind of problem in other places as well.

https://bugzilla.novell.com/show_bug.cgi?id=247679

------- Comment #2 from jjohansen@novell.com  2007-02-28 16:23 MST -------
The current code for link got reworked by the vsfmnt patches, so the issue with the current code is different than in 10.2 or SLES10.

In 10.2 and SLES10 the aa_link code detects the failed link, then checks if it is in complain mode and, if so, clears the error code. This results in the audit code not seeing the link message as a failure but as a success, so a message is never sent to the audit subsystem.
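
A simplified user-space C model of the ordering described in comment #2, added here as an illustration. It is not AppArmor source or the patch mentioned in this bug; every function name, the record text and the paths are hypothetical, and "audit first, then clear" is an assumed correction shown only for contrast.

```c
#include <errno.h>
#include <stdio.h>
/* User-space model; all names and the record text are hypothetical, not AppArmor's. */
enum aa_mode { MODE_ENFORCE, MODE_COMPLAIN };
typedef int (*link_fn)(enum aa_mode, int, const char *, const char *);
static char audit_buf[160];  /* stands in for the audit subsystem */

/* As in the bug description: a record is written only for a failure. */
static void audit_link(enum aa_mode mode, int error, const char *lnk, const char *tgt)
{
    if (!error)
        return;  /* looks like success, so nothing is logged */
    snprintf(audit_buf, sizeof audit_buf, "%s missing link permission %s -> %s",
             mode == MODE_COMPLAIN ? "COMPLAIN" : "REJECT", lnk, tgt);
}

/* Ordering from comment #2: the error is cleared before the audit call. */
int link_cleared_first(enum aa_mode mode, int allowed, const char *lnk, const char *tgt)
{
    int error = allowed ? 0 : -EPERM;
    if (error && mode == MODE_COMPLAIN)
        error = 0;  /* complain mode must not deny the operation */
    audit_link(mode, error, lnk, tgt);  /* sees 0, stays silent */
    return error;
}

/* Assumed correction: audit the real result, then apply the override. */
int link_audited_first(enum aa_mode mode, int allowed, const char *lnk, const char *tgt)
{
    int error = allowed ? 0 : -EPERM;
    audit_link(mode, error, lnk, tgt);  /* sees -EPERM, writes a record */
    if (error && mode == MODE_COMPLAIN)
        error = 0;
    return error;
}

/* Send one denied link through fn; return 1 if an audit record was written. */
int denied_link_logged(link_fn fn, enum aa_mode mode, int *ret)
{
    audit_buf[0] = '\0';
    *ret = fn(mode, 0, "/srv/demo/new", "/srv/demo/old");  /* constructed paths */
    return audit_buf[0] != '\0';
}

int main(void)
{
    int r, logged = denied_link_logged(link_audited_first, MODE_COMPLAIN, &r);
    printf("logged=%d ret=%d: %s\n", logged, r, audit_buf);
    return 0;
}
```

In both orderings the complain-mode caller still gets 0 back and the link proceeds; only the audited-first ordering leaves a record for the profile-learning tools to read.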

https://bugzilla.novell.com/show_bug.cgi?id=247679

jjohansen@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
OtherBugsDependingOnThis|                       |250052

https://bugzilla.novell.com/show_bug.cgi?id=247679#c4
Dominic Reynolds
https://bugzilla.novell.com/show_bug.cgi?id=247679#c5
--- Comment #5 from John Johansen
Is there a patch for this?
yes, added it to the patch set for the maintenance update
https://bugzilla.novell.com/show_bug.cgi?id=247679#c7
Stephan Kulow
https://bugzilla.novell.com/show_bug.cgi?id=247679
Michal Svec
https://bugzilla.novell.com/show_bug.cgi?id=247679
User jjohansen@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=247679#c8
John Johansen